What are SYS 32 files

[Dave L.]

I am disgusted with Norton anti virus right now, they
want a pocket full of change just to call for some help.
Ok, I have been swamped with the Sven/MS update virus
mess, I haven't gotten the virus Norton has picked them
out, yet has been unable to repair them. All of the
viruses previously were TMP files in quarantine so I was
told DELET no problem, I have not downloaded one e-mail
or opened any attachments now I have 9 viruses in
quarantine but they are identified with blah.blah.blah.exe
Properties shows, TYPE Application, WINDOWS\system32
files. Now what do I do. I am so confused I thought you
could only get viruses by opening attachments, not true.
Can I delete the .exe's Type Application,
WINDOWS\system32 files, without losing my computer as I
know it??? HELP

 

[Tim]

No, the \Windows\System32 folder is a system-required folder. Granted, it may
contain some viruses you have picked up.

What version of Norton Antivirus are you using?

Make sure you have the latest virus definition files for them. Also, when a
virus is found, it should give you a "more information" or a link to their
website about the virus. Other than deleting the virus (which if it cannot be
repaired, that's what you should do), the virus may have made other system
modifications. Symantec's website would list removal instructions as well as
registry keys that should be deleted.

Also, make sure you are up to date with all the latest Critical updates from
Microsoft. http://windowsupdate.microsoft.com.

Also, make sure you have a functioning firewall installed. Norton Personal
Firewall is an excellent choice, and is far more featured than the Internet
Connection Firewall that is built into Windows XP (however the built-in one
comes with the operating system, it does not offer as many features to control
and is far more difficult to customize for various software titles out there).

http://www.microsoft.com/windowsxp/expertzone/columns/northrup/02august12.asp

Viruses can attack your PC, especially if you are not up to date on all the
critical updates. They can hack into your computer thru the internet and infect
you that way. A recent example would be the MSBlaster Worm.

Hope this is of some help.

 

[Dave L.]

I have Norton 2002 Anti-Virus software, and I paid to
keep updated thru a new SUBSCRIPTION thru Norton, yet
they tell me I don't have the latest version to repair the
current viruses, I thought when you paid for a new
subscription you got the same thing as going to the store
and buying the software.

 

[Tim]

Yes and no...... the subscription is for the definition files... which basically
tells Norton how to detect them and not necessarily how to remove it. Most of
the time, I suspect the EXE itself is the virus, rather than the real program
being infected with it. That at least is the case with all of my viral
infections so far. In that case, the file cannot be repaired because there's
nothing to repair, only to be deleted, which Norton will gladly do for you.

But, as the version numbers in the software increase, they include added
abilities for repair options. But again, that's only IF it can be repaired.

My most recent virus attack created a folder in my C:\Windows\System32, named
"Sys32" (so C:\Windows\System32\Sys32). Inside that folder, it created 16 EXE
files, all of which were the virus itself and shared it out on Kazaa. The virus
was discovered on Sept 5th, and my definition files were just a day or to prior
to that so Norton didn't detect it until after I updated the definition files,
and it automatically did a full system scan this past Friday.

Norton found the virus on my computer and deleted the infected files, however it
did not reverse the registry changes the virus made. That has to be done
manually, so I went to their webpage and found out what it did and reversed it
myself.....

That, I think, is what needs to be done for you. Delete the infected files,
delete (if any) registry keys that were affected, and scan your system again for
more infection.

If the files cannot be deleted, you might try task manager and going to the
processes tab, look for the exe name and end task on it. If all else fails,
boot into safe mode and run virus scan from there...

I hope this is of some help...

All the best,

Tim

 

[Kelly]

Hi Dave,

Go to the Task Manager and end the process on each blah.blah.blah.exe. Once
done, you will them be able to
remove them from the system32 folder.

You will also want to check your run keys for the same:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\RunOnce

/top10faqs.htm